DSA-5103-1 openssl -- opensslID: oval:org.secpod.oval:def:606181 | Date: (C)2022-03-18 (M)2023-12-07 |
Class: PATCH | Family: unix |
Tavis Ormandy discovered that the BN_mod_sqrt function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20220315.txt In addition this update corrects a carry propagation bug specific to MIPS architectures.
Platform: |
Debian 10.x |
Debian 11.x |
Product: |
openssl |
libcrypto1.1-udeb |
libssl-dev |
libssl-doc |
libssl1.1 |